HackerOne Customer Terms and Conditions

Effective Date: June 1, 2020

These Customer Terms and Conditions apply to all Order Forms entered into on or after June 1, 2020 and for all Community Edition or other customers utilizing the HackerOne Services not pursuant to an Order Form as of such date.

Welcome to HackerOne! Please read these Customer Terms and Conditions carefully because they govern each Customer’s access to and use of the Services.

1. Agreement to Terms

By using the Services, a Customer agrees to be bound by these Customer Terms and Conditions and the General Terms and Conditions, which are incorporated by reference. If you do not understand any terms in these Customer Terms and Conditions or the General Terms and Conditions, please contact us before using the Services.

You may not access or use any Services unless you agree to abide by all of these Customer Terms and Conditions and the General Terms and Conditions (collectively, the “Agreement”).

2. Definitions

Certain capitalized terms used in these Customer Terms and Conditions are defined in the General Terms and Conditions

3. Services

A. HackerOne Platform. A Customer may access and use the HackerOne Platform solely for its and its Affiliates own business purposes in order to connect with Finders and utilize the Services set forth in an Order Form or otherwise mutually agreed by HackerOne and the Customer. Among other things, Customer may create Programs and offer Rewards to Finders for Finder Submissions to such Programs. Finders can browse the Programs and contact a Customer through the HackerOne Platform if Finders are interested in participating in such Programs and submitting Finder Submissions for the Programs under the terms described in Finder Terms and Conditions and/or the Program Policy. HackerOne may change all or any part of the HackerOne Platform or HackerOne Site, provided that such change in compliance with the terms of the Agreement and does not diminish the Services provided to Customers.

B. HackerOne Services.HackerOne will provide the Services set forth in a fully executed Order Form or otherwise mutually agreed by HackerOne and the Customer.

C. Third Party Services. If set forth on a fully executed Order Form, the Services may include Third Party Services, which will be provided by the third party to the Customer. HackerOne is not responsible for the Third Party Services, and HackerOne makes no warranty or representation with respect to the Third Party Services. If purchased by a Customer, the Customer agrees to be bound by any terms and conditions presented to the Customer by the Third Party Services provider governing the use of the applicable Third Party Services, and unless otherwise agreed, the Customer will remit payment for the Third Party Services directly to HackerOne within thirty (30) days of invoice, and HackerOne will pay the Third Party Services provider.

D. Use of the HackerOne Platform Services as a Finder. If a Customer or an employee of a Customer, wishes to access and use the Services as a Finder with the consent of Customer, then the Finder Terms and Conditions will govern the Customer’s or the Customer’s employee’s use of the Services, as a Finder. The Finder Terms and Conditions are independent of, and in addition to, these Customer Terms and Conditions. In such case, the Customer or the Customer’s employee, is solely responsible for performing the Finder’s obligations under the Finder Terms and Conditions.

4. Finder Submissions and Finders

A. HackerOne does not endorse any Finder. HackerOne is not responsible for any damage or harm resulting from a Customer’s communications or interactions with Finders or other customers, either through the Services or otherwise. Any reputation ranking or description of any Finder as part of the Services is not intended by HackerOne as an endorsement of any type. Any selection or use of any Finder is at the Customer’s own risk.

B. Any use or reliance of Finder Submissions that Customer receives is at Customer’s own risk. HackerOne does not endorse, represent, or guarantee the completeness, truthfulness, accuracy, or reliability of any Finder Submission. HackerOne will not be liable for any errors or omissions in any Finder Submission, or any loss or damage of any kind, incurred as a result of the use of any Finder Submission.

C. Finders are not employees, contractors, or agents of HackerOne, but are independent third parties who want to participate in Programs and connect with Customers through the Services. Unless otherwise expressly agreed to in writing by HackerOne, the Customer agrees that any legal remedy that the Customer seeks to obtain for actions or omissions of a Finder regarding the Customer’s Program or Finder Submissions will be limited to a claim against the particular Finder. Any contract or other interaction between a Customer and a Finder, including with respect to any Customer Program Policy, will be between the Customer and the Finder. HackerOne is not a party to such contracts and disclaims all liability arising from or related to such contracts.

5. Rewards and HackerOne Fees

A. Rewards. If applicable to the Customer’s Program and in accordance with the Program Policy, a Customer may award Rewards to those Finders who submit participate in the Customer’s Programs and/or submit Finder Submissions that meet the Customer’s requirements. HackerOne agrees to process such Reward payments on behalf of such Customers; provided, however that before processing any such payments HackerOne must receive a Reward prepayment from the Customer for the Program or the Customer must have a credit card on file with HackerOne. HackerOne is not responsible for delays in payment outside of HackerOne’s reasonable control, or unless otherwise set forth in an Order Form or agreed to by HackerOne, for processing or providing to Finders any Reward that is not a monetary payment.

B. HackerOne Fees. The Customer agrees to pay HackerOne all fees for HackerOne’s Services and, unless otherwise set forth in an Order Form, a Rewards fee equal to twenty percent (20%) of each monetary Reward awarded to a Finder (collectively, “HackerOne Fees”) and any Reward prepayments listed in any applicable Order Form within thirty (30) days of the date of HackerOne’s invoice unless otherwise stated on Order Form. Except for any amounts disputed in good faith, all undisputed past due amounts will incur interest at a rate of 1.5% per month or the maximum rate permitted by law, whichever is less. Customers will reimburse HackerOne for all reasonable costs and expenses incurred (including reasonable attorneys’ fees) in collecting any undisputed overdue amounts. The HackerOne Fees and Reward payments to Finders are nonrefundable, except as otherwise specifically provided herein or in the applicable Order Form.

C. Taxes. The Customer is responsible for any duties, customs, fees, or taxes due on account of its use of the Services, including any withholding taxes based on the classification of the Services being rendered, excluding any taxes imposed by the United States on HackerOne’s income. If a Customer is required by Applicable Law to withhold any amount from the HackerOne Fees specified in the Order Form, then the Customer will pay HackerOne such HackerOne Fees as if no withholding were required and shall separately remit the withholding amount to the appropriate governmental authorities and provide evidence of such payment to HackerOne.

6. Programs and Program Materials

A. HackerOne makes available through the HackerOne Platform both managed Programs, under which HackerOne is responsible for the management and the administration of a Customer’s Programs with input and approval from the Customer as mutually agreed throughout the Program, and Programs that are self-managed by Customers. If an Order Form does not specifically identify HackerOne as being responsible for the management and administration of a Customer’s Programs, then the Customer is solely responsible for the management and administration of Customer’s Programs through the Services. HackerOne’s Vulnerability Disclosure Guidelines, which describe the default disclosure policy governing vulnerability reporting through the Services, will be applicable to the Services except to the extent a Customer adopts its own Program Policy with respect to its Program. In the event of any conflict between a Customer’s Program Policy and HackerOne’s Vulnerability Disclosure Guidelines, the Customer’s Program Policy shall prevail.

B. HackerOne reserves the right to reject a Program if, in its sole reasonable discretion if HackerOne reasonably objects to the Program and/or its Program Policy. HackerOne will notify the Customer of its intention to reject a Program, will identify its objections to the Program, and will work with the Customer to address those objections. In addition, where any Program is inactive or unattended by a Customer, HackerOne shall have the right to remove or disable access to the relevant Program Material and/or pause Finder Submissions if the Customer has not responded to HackerOne’s written notice (by email) requiring attention within ten (10) business days of such written notice.

C. While HackerOne may assist Customer in preparing Customer’s Program Material, Customer is solely responsible for Customer’s Program Material.

7. Intellectual Property Ownership and Licenses

A. HackerOne does not claim any ownership rights in any Program Material or Finder Submissions, and nothing in this Agreement or otherwise will be deemed to restrict any rights that a Customer may have to use and exploit its Program Material and Finder Submissions. HackerOne and its licensors exclusively own all right, title, and interest in and to the HackerOne Property.

B. By making any Program Material available through the Services, the Customer hereby grants to HackerOne a non-exclusive, non-transferable, non-sublicensable, worldwide, royalty-free license to use, copy, reproduce, display, modify, adapt, transmit, and distribute copies of the Customer’s Program Material for the sole purpose of providing the Services.

C. HackerOne hereby grants to the Customer a non-exclusive, non-transferable, non-sublicensable, worldwide, royalty-free license to access and view the content and other HackerOne Property that HackerOne makes available on the Services solely in connection with the Customer’s permitted use of the HackerOne Platform and Services.

D. HackerOne hereby grants to the Customer a non-exclusive, non-transferable, non-sublicensable, worldwide, royalty-free license to access and view the Finder Submissions that are made available through the HackerOne Platform and the Services solely in connection with the Customer’s permitted use of the HackerOne Platform and Services.

E. Subject to HackerOne’s ownership of any HackerOne Property contained therein, the Customer will own all right, title, and interest to each Customer Report. HackerOne hereby grants the Customer a non-exclusive, non-transferable, perpetual, worldwide license to access, use, and reproduce any HackerOne Property included in each Customer Report.

8. Confidentiality

The General Terms and Conditions sets forth the Customer’s and HackerOne’s obligations to protect Confidential Information of the other party.

9. Warranty

A. HackerOne represents and warrants that the HackerOne Platform and the Services provided to a Customer will be provided as described in an applicable Order Form or as otherwise mutually agreed by HackerOne and the Customer, by qualified personnel in a professional manner, and will comply in all material respects with the documentation and content made available by HackerOne with respect thereto. In order to state a claim for breach of the foregoing warranty, a Customer must provide notice of such non-compliance within the thirty (30) day period following such non-compliance specifying the details of such noncompliance. If a Customer timely provides HackerOne with the required notice, as the Customer’s sole and exclusive remedy, HackerOne shall re-perform such portion of the Services or otherwise use commercially reasonable efforts to correct any such non-compliance, at its expense, within thirty (30) days of its receipt of such notice.

B. EXCEPT AS SPECIFICALLY SET FORTH HEREIN, THE SERVICES ARE PROVIDED BY HACKERONE “AS IS,” WITHOUT WARRANTY OF ANY KIND. WITHOUT LIMITING THE FOREGOING, HACKERONE EXPLICITLY DISCLAIMS ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, AND ANY WARRANTIES ARISING OUT OF COURSE OF DEALING, CUSTOM, OR USAGE OF TRADE. HackerOne makes no warranty that the Services will meet a Customer’s specific requirements or be available on an uninterrupted, secure, or error-free basis.

10. Indemnification

A. The Customer will indemnify, defend, and hold harmless HackerOne and its officers, directors, employees, and agents, from and against any claims, disputes, demands, liabilities, damages, losses, and costs and expenses, including, without limitation, reasonable legal and accounting fees arising out of a third party claim (i) that the Customer’s Program Materials infringe upon a patent, copyright, trademark, or trade secret of a third party, or (ii) arising from the Customer’s use of a Finder Submission in violation of its Program Policy.

B. HackerOne will indemnify, defend, and hold harmless the Customer and its officers, directors, employees, and agents, from and against any claims, disputes, demands, liabilities, damages, losses, and costs and expenses, including, without limitation, reasonable legal and accounting fees arising out of a third party claim that the HackerOne Platform infringes upon a patent, copyright, trademark, or trade secret of a third party, provided that HackerOne shall not be responsible for any such claim to the extent arising out of or relating to a Finder Submission or the Customer’s Program Materials.

C. The indemnified party shall give prompt written notice of all claims for which indemnity is sought and shall cooperate in defending against such claims, at the expense of the indemnifying party. The indemnifying party shall conduct and have sole control of the defense and settlement of any claim for which it has agreed to provide indemnification; provided that the indemnified party shall have the right to provide for its separate defense at its own expense. The rights and remedies set forth in this Section 10 states a party’s exclusive liability and the other party’s exclusive rights and remedies with regard to claims made by a third party for intellectual property infringement or violation of a third party’s intellectual property rights.

Please see our existing Customer Terms and Conditions related to Order Forms entered into prior to June 1, 2020.